Introduction
In this privacy statement, we tell you how we handle your personal data, why we need them and what your rights are in this respect. In doing so, we are fulfilling one of the requirements imposed on us by the General Data Protection Regulation ("GDPR").
Who we are
As a data controller (SmartIntake AI, 'we' or 'us'), located at Vijverhofstraat 47, Rotterdam, we are responsible for processing your data in a compliant manner. We take it upon us to be transparent about the personal data we collect from you, the way we handle and protect your personal data, and how you can exercise your rights.
You can ask us at any time to stop processing or delete the data we have processed from you. For more information, please find your right below.
Processing of personal data
Personal data is any information relating to an identified or identifiable living person. In this specific case, we process the following categories of personal data:
Primary Data Processing
Voice recordings of consultations between professionals and their clients
Generated notes and summaries from these consultations
Account information (login credentials, number of sessions used, and application usage duration)
We only process these data when you are using our platform, whether through our web application or via integration with your organization's systems. The processing is based on the legal grounds of:
Performance of our service agreement with your organization
Compliance with legal obligations in the professional and healthcare sectors
Data Retention
Voice recordings and generated notes are deleted immediately after processing. In exceptional cases, such as technical failures (for example, internet connection errors), data may be temporarily retained for a maximum of 24 hours to ensure users can retrieve their information and prevent data loss. Longer retention periods are only possible if contractually agreed upon.
Sharing of personal data
We use the following data processors:
Google Cloud Platform (Web hosting, temporary data storage, and AI processing)
Microsoft Azure (AI processing)
Amazon Web Services (AI processing)
All data processing takes place within the European Economic Area (EEA). With each of these processors, we have concluded data processor agreements including Standard Contractual Clauses to ensure appropriate data protection safeguards. These agreements guarantee that our processors comply with European privacy laws and maintain the same high level of data protection that we commit to.
Organizational and technical measures
We have implemented appropriate technical and organizational measures to protect your personal data, including:
Advanced encryption during storage and transmission
Pseudonymization of personal data where possible
Regular security audits and testing
Multi-cloud infrastructure security controls
24-hour maximum data retention policy
Secure iframe implementation
Webhook system for delivering results with dossier number matching
SmartIntake AI is working towards ISO 27001/NEN 7510 certification. We establish access to personal data in accordance with these standards, and every employee signs a confidentiality agreement.
Your rights regarding personal data processing
Following the GDPR, you have the following rights regarding your personal data:
right to access
right to correction
right to be forgotten
right to restrict the processing
right to object to the processing
right to data portability